Security

Safeguarding your personal and financial information is a responsibility we take very seriously at Border State Bank. However, you should also remain vigilant against potential threats to "Identity Theft". Identity Theft affects millions of people each year.

Thieves can get your personal information by many means, both technology based and people based, including, but not limited to:

Border State Bank Online Banking and Mobile Banking are great resources for monitoring your accounts and transactions*

Change your password at least every 90 days

Never disclose personal information to anyone without authorization to access your accounts. Unless you initiate the contact or we are completing an application for you, Border State Bank will NOT request your personal information (e.g. account number, PIN, Social Security number, or mother’s maiden name) through email, U.S. mail or phone

Do not print your driver’s license number or Social Security number on personal checks

Report lost or stolen checks or bank cards immediately

Store new and cancelled checks in a secure location

Select and memorize a PIN that never uses information readily found in your wallet or purse (e.g. your house number or date of birth)

Promptly review monthly financial statements yourself and report any discrepancies immediately. Never ignore suspicious charges on your statements. If regular bills or statements stop coming to you, call the company's customer service number to determine if someone has filed a false change-of-address notice to divert your mail

Retain all receipts from ATM, debit and credit card transactions until they have been reconciled to your statements and ensure your account number is not readable when you dispose of them

Be sure to sign new bankcards immediately

Only carry important documents as needed (e.g. Social Security card, passport or birth certificate). If lost or stolen, a thief could use them

Destroy cards you no longer use, making sure the numbers are not recognizable

Be careful in responding to “Work from Home” ads as this is a common method for fraudsters to attract money mules unknowingly. Money mules transfer money acquired illegally on behalf of others and are typically paid a small part of the money transferred for their services

Report suspicious emails or phone inquiries (e.g. requesting account information to “award a prize” or “verify a statement”) to your phone company, Border State Bank or the local authorities. Call Border State Bank to report this activity.

Forward any suspicious emails to marketing@borderstatebank.com that appear to be from Border State Bank and request that you click on a link to enter your login credentials or personal information

Consistently validate that each of your computers has up-to-date software installed including operating system, personal firewall, anti-virus, anti-spyware and current browser. Ensure your anti-virus and anti-spyware software is enabled and performing scans on a regular basis. Use reputable internet tools to scan your browser for known vulnerabilities.

If you believe you have been a victim of fraud related to your Border State Bank accounts, notify us immediately by calling your local Border State Bank, so we can take action to help you. A formal complaint can also be filed with the Internet Crime Complaint Center (IC3) at www.ic3.gov.

*Use of these features and services requires internet and/or data access through a computer or mobile device. Subject to availability and the same limitations as any service available through the internet. Border State Bank is not responsible for matters that are outside of its reasonable control that might impact availability and functionality. Border State Bank reserves the right to suspend service for any reason at any time. Your mobile carrier’s text messaging and data charges may apply.

Staying Safe from Tax Scams

As people seek to file their tax returns this year, cybercriminals will be busy trying to take advantage of this with a variety of scams. Citizens may learn they are victims only after having a legitimate tax return rejected because scammers already fraudulently filed taxes in their name. According to the Internal Revenue Service (IRS), there was a 60% increase in 2018 in phishing scams that tried to steal money or tax data. The IRS identified 9,557 fraudulent tax returns as of only February 24th, 2018 for the last filing season. As everyone aims to file their returns among all this fraud, the following advice will explain how tax fraud happens and provide recommendations on how to prevent it from happening to you or how to get help if you are unfortunately affected by a tax scam!

HOW IS TAX FRAUD PERPETRATED?

The most common way for cybercriminals to steal money, financial account information, passwords, or Social Security Numbers is to simply ask for them. Criminals will send phishing messages often impersonating government officials and/or IT departments. They may tell you a new copy of your tax form is available. They may include a link in a very official looking email that goes to a website that uses an official organization’s logo and appears legitimate, yet is fraudulent. If you attempt to login into the false website, or provide any personal information, the criminals will see what you type and try to use it to compromise your other accounts and file a false return in your name.

Additionally, much of your personal information can be gathered online from sources like social media or past data breaches. Criminals know this, so they gather pieces of your personal information from a variety of sources and use the information to file a fake tax refund request! If a criminal files a tax return in your name before you do, you will go through the arduous process of proving that you did not file the return and subsequently correcting the return.

Criminals also impersonate the IRS or other tax officials, demanding tax payments and threatening you with penalties if you do not make an immediate payment. This contact may occur through websites, emails, or threatening calls or text messages that seem official but are not. Sometimes, criminals request their victims to pay “penalties” via strange methods like gift cards or prepaid credit cards. It is important to remember that the IRS lets citizens know it will not do the following:

Initiate contact by phone, email, text messages, or social media without sending an official letter in the mail first.

Call to demand immediate payment over the phone using a specific payment method such as a debit/credit card, a prepaid card, a gift card, or a wire transfer.

Threaten you with jail or lawsuits for non-payment.

Demand payment without giving you the opportunity to question or appeal the amount they say you owe.

Request any sensitive information online, including PIN numbers, passwords or similar information for financial accounts.

HOW CAN YOU PROTECT YOURSELF FROM TAX FRAUD?

File your taxes as soon as you can…before the scammers do it for you!

Always be wary of calls, texts, emails, and websites asking for personal or tax data, or payment. Always contact organizations through their publicly-posted customer service line. If they contact you end the call and call the organization on the phone number on their website. As mentioned previously, the IRS will initiate contact on these issues by mail through the postal service.

Don’t open attachments from unsolicited messages, as they may contain malware.

Only conduct financial business over trusted sites and networks. Don’t use public, guest, free, or insecure Wi-Fi networks.

Use strong, unique passwords for all your accounts and protect them. Reusing passwords between accounts is a big risk that allows a breach of one account to affect many of them!

Shred all unneeded or old documents containing confidential and financial information.

Check your financial account statements and your credit report regularly for unauthorized activity. Consider putting a security freeze on your credit file with the major credit bureaus. This will prevent identity thieves from applying for credit or creating an IRS account in your name.

If you receive a tax-related phishing or suspicious email at work, report it according to your organization’s cybersecurity policy. If you receive a similar email on your personal account, the IRS encourages you to forward the original suspicious email as an attachment to its phishing@irs.gov email account, or to call the IRS at 800-908-4490. More information about tax scams is available on the IRS website and in the IRS Dirty Dozen list of tax scams.

If you suspect you have become a victim of tax fraud or identity theft, the Federal Trade Commission (FTC) Identity Theft website provides a step-by-step recovery plan. It also allows you to report if someone has filed a return fraudulently in your name, if your information was exposed in a major data breach, and many other types of fraud.

The information provided in the MS-ISAC Monthly Security Tips Newsletter is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes.

Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.

Sun, Sand, and Cybersecurity

This month, in partnership with the National Cyber Security Alliance, we aim to provide some valuable tips on staying cyber safe while heading on a summer vacation. Whether you are out exploring or relaxing, it is important to strive to be as secure as possible with your digital devices and information. Unfortunately, travel can open you up to different points of vulnerability compared to normal everyday use at home, and we don’t just mean accidentally going swimming with your cell phone. You see, while traveling you are operating outside of your normal, safe routines. This means using your devices on different networks and putting them down in different locations, including under your beach towel while swimming. By following some smart practices, you can connect with greater confidence during a summer escape.

GETTING READY TO GO:

Avoid mayhem and make magical family memories by taking a few simple cyber safety steps before you head out of town. The goal here is to prepare your devices for travel and to keep them from being used against you.

Keep a clean machine: Before you hit the road, make sure all security and critical software is up-to-date on your mobile devices and keep them updated during travel. These protections are your best line of defense against viruses and malware.

Lock down your login: Your usernames and passwords are not enough to protect key accounts like those you use for email, banking, and social media. Fortify your online security by turning on multi-factor authentication, commonly referred to as two-factor authentication, when available. This typically pairs your username and password (i.e. something you know) with a message sent to your phone (i.e. something you have) or your fingerprint (i.e. something you are).

Password protect: Use a passcode or security feature like a finger swipe pattern or fingerprint to lock your mobile device. Also set your screen to lock after a short period of time by default. If you do choose to use a finger swipe, make sure it has at least one turn (preferably two) and that a pin code has at least 6 numbers!

Think before you use that app: New apps are tempting! It is important to always download new apps from only trusted sources like the Apple App Store or the Google Play Store. Additionally, consider limiting your apps access to services on your device, like location services.

Own your online presence: Set the privacy and security settings on social media accounts, web services, and devices. It is okay to limit how and with whom you share information – especially when you are away.

WHILE ON THE GO:

Once you and your gang are at your destination, you are in new territory and are facing new potential cyber threats. Here are some ways you can keep up secure practices while out and about.

Get savvy about what you do on other peoples’ Wi-Fi and systems: Do not transmit personal info or make purchases on unsecure or public networks. Instead, use your phone carrier internet service for these needs. For laptops/tablets, it is easy to use your phone as a personal hotspot to surf more securely using carrier data. Also, never use a public computer or device to shop, log in to accounts, or do anything personal.

Turn off Wi-Fi and Bluetooth when idle: When Wi-Fi and Bluetooth are on, they may connect and track your whereabouts. Only enable Wi-Fi and Bluetooth when required, and disable your Wi-Fi auto-connect features.

Protect your $$$: Be sure to shop or bank only on secure sites. Web addresses with ‘https://’ and a lock icon indicate that the website takes extra security measures. However, an “http://” address indicates your connection is not secure (not encrypted) and you should not transmit payment or sensitive information over to such a site.

Share with care: Think twice before posting pictures that signal you are out of town. Knowing you are away from home is a great piece of information for a criminal to have and they may target your home for physical crime. Also consider limiting your social media apps’ access to location services on your device, and omit location information while making your posts and sharing your pictures.

Keep an eye on your devices: Laptops, smartphones, and tablets are all portable and convenient, making them perfect for a thief to carry away! Keep your devices close to you and hold onto them if strangers approach you to talk, as a common scam consists of a stranger distracting you and placing a map or newspaper over your device and walking away with it when finished talking.

Know your destination’s laws: If you are heading out of the country, check up on any specific laws on internet and device usage. Additionally, bring as few devices as possible and consider using a device specifically purchased for international travel.

Armed with these tips and practices, you should have a happy and cyber safe vacation ahead of you. To learn more about staying cyber safe and secure while traveling, head to the MS-ISAC’s Security Primer covering this topic. For more information on NCSA, including countless resources on staying cyber secure, please visit staysafeonline.org.

This information is intended to increase the security awareness of an organization's end users and to help them behave in a more secure manner within their work environment. While some of the tips may relate to maintaining a home computer, the increased awareness is intended to help improve the organization's overall cyber security posture. This is especially critical if employees access their work network from their home computer. Organizations have permission and are encouraged to brand and redistribute this newsletter in whole for educational, non-commercial purposes. Disclaimer: These links are provided because they have information that may be useful. The Center for Internet Security (CIS) does not warrant the accuracy of any information contained in the links and neither endorses nor intends to promote the advertising of the resources listed herein. The opinions and statements contained in such resources are those of the author(s) and do not necessarily represent the opinions of CIS.

Small Business Security 101

Small business security is something that is often overlooked, with IT responsibilities seemingly assigned to the person who knows the most about computers in many cases. While fulfilling the basic needs of the company, assigning such important responsibilities carelessly leaves your business vulnerable to a cyber attack that could result in the loss of customer information or severely damage your reputation.

IGNORANCE IS BLISS, OR IS IT?Smaller businesses are attractive targets to attackers because most small businesses rely on technology to perform day-to-day operations. Many businesses would not be able to thrive without the ability for customers to view its website, make online transactions, or even the ability for employees to send an email to employees or customers around the globe. Small businesses must realize that the technology that allows you to grow and be profitable can also pose the greatest threat to your business if not properly managed.Without training your employees to identify and understand the risk of cyber attacks, many businesses are sitting ducks for an attacker to simply harvest customer information. That’s what we call a low-risk, high-reward opportunity. The reputational damage caused by a cyber attack could very well force your business to close its doors completely.

WHERE TO STARTAn understanding of information security and how a well-managed program operates significantly reduces the risk of data being lost or stolen due to a cyber attack. In 2017, Manta conducted a poll of 1,420 small business owners and found that 87% felt they were at risk of experiencing a data breach. Additionally, only a 17% noted that they had basic IT security controls in place. Basic security controls like antivirus and a firewall are critical to the health of the organization and its responsibility of protecting the customer information it possesses. Below are five (5) areas that any organization that utilizes the Internet NEEDS and is EXPECTED to have in place. If your business has not addressed these five (5) security control areas, stop what you’re doing and figure out how to protect your organization immediately.

A business-class firewall: Home routers can be inexpensive and are great for simple tasks such as streaming online videos. Focus on investing in something that is made for businesses and allows you to change default settings.

Anti-virus/anti-malware: You can choose either or both; just make sure you pay for the subscription and use its features.

Email filtering: 93% of all data breaches begin with a phishing email. A single phishing email has the potential to cause significant damage to a business and is the most widely attack used; make sure you do everything you can to keep junk and phishing emails our of your environment.

User access controls: Not limited to just strong and unique passwords; user access controls should be based on the principle of least privilege. Administrator accounts should never be used for regular duties. Reducing privileges for users drastically reduces the risk of an employee accidentally installing a malicious program onto their workstation.

Patch management: It is paramount that systems are patched in a timely manner as soon as new patches are available. Be sure your third-party programs are included in your patch plan.

HOW TO IMPROVE (Don’t Be the Low Hanging Fruit)IT security is not something you put in place and never touch or think about again. It is a continual process of improvement to stay one step ahead of the bad guys. Proactive security keeps businesses mindful of new threats and how you can protect yourself vs. reactive security where businesses are running to catch up with threats after they have happened. Now that some basic areas of security have been defined, businesses need to continue to grow their security posture for the future. Here are five (5) additional controls that businesses can implement to improve security:

Vulnerability scanning: This is an excellent way for a business to understand and measure how successful the patch management program is or if there are additional vulnerable programs on the network.

Password managers: These are a powerful tool that can be used to create extremely strong and unique passwords for all employee’s accounts. One master password is used to unlock a digital vault where passwords to websites can be securely stored and viewed. Password vaults can stop employees from using the same password for everything and worrying about remembering 200 different passwords (the number of unique websites that today’s consumer logs into on average).

Ongoing security awareness training: Social engineering attacks are the most common way a network is compromised today. Continued education for employees about the dangers of phishing emails and how to identify them is critical. Additional training covering ransomware, customer identification, and other common social engineering attacks will dramatically reduce the risk of a successful cyber attack.

Phishing testing: Phishing assessments provide insight into how the business will fair during a simulated phishing attack. Testing provides employees a chance to see how authentic phishing emails can seem and the results can be used to further increase employee education and awareness.

Back up your information: Backups can also make or break a business. Ransomware, viruses, and hardware failures can cause everything that a business is storing digitally to be lost in an instant. A business should follow the 3-2-1 strategy, meaning at least three (3) total copies of your data are available, stored on two (2) differed mediums (backup tape AND external hard drive, for example), and at least one (1) copy stored offsite.

Small businesses cannot afford to lag in information security. Every business must understand and implement basic information security needs to prevent the most basic and automated of attacks. Once addressed, a proactive approach to security will keep the business and its customer information secure and avoid being a low hanging fruit that is easy for an attacker to reach.